CVE-2012-5468
https://notcve.org/view.php?id=CVE-2012-5468
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. Desbordamiento de búfer en memoria dinámica en iconvert.c en el componente bogolexer en Bogofilter anteriores a v1.2.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un correo electrónico que contiene una cadena base64 que se decodifica a caracteres multibyte incompletos. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975 http://secunia.com/advisories/51334 http://secunia.com/advisories/51521 http://www.debian.org/security/2012/dsa-2585 http://www.mandriva.com/security/advisories?name=MDVSA-2013:064 http://www.openwall.com/lists/oss-security/2012/12/03/13 http://www.securityfocus.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2494
https://notcve.org/view.php?id=CVE-2010-2494
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. Múltiples desbordamientos inferiores de búfer en el decodificador base64 en base64.c en (1) bogofilter y (2) bogolexer en bogofilter anterior a v1.2.2 permite a atacantes remotos provocar una denegación de servicio (corrupción en la pila de memoria y cuelgue de la aplicación) a través de un mensaje de correo electrónico con datos en base64 no válidos que comienza con un carácter = (igual). • http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html http://lists.opensuse.org/opensuse-security-announce/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-4592
https://notcve.org/view.php?id=CVE-2005-4592
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18352 http://secunia.com/advisories/18717 http://www.securityfocus.com/bid/16171 http://www.vupen.com/english/advisories/2006/0100 https://exchange.xforce.ibmcloud.com/vulnerabilities/24119 •
CVE-2005-4591
https://notcve.org/view.php?id=CVE-2005-4591
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/18352 http://secunia.com/advisories/18427 http://secunia.com/advisories/18717 http://www.securityfocus.com/bid/16171 http://www.vupen.com/english/advisories/2006/0100 https://exchange.xforce.ibmcloud.com/vulnerabilities/24118 https://usn.ubuntu.com/240-1 •
CVE-2004-1007
https://notcve.org/view.php?id=CVE-2004-1007
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01 https://exchange.xforce.ibmcloud.com/vulnerabilities/17916 •